You can install SSL certificate for your domain with the following command:

cd /root
curl keitaro.io/enable-ssl.sh > run; bash run -D domain.com

Important! Make sure the domain has an active a-record with the server's ip.

cd /root
curl keitaro.io/enable-ssl.sh > run; bash run -D domain.com,domain2.com,domain3.com

The script will not work if the server was not configured by the script of single-click installation.

Important! Make sure the domain has an active a-record with the server's ip.

You need to enable SSL on CloudFlare if the domain is integrated with CloudFlare.

Run a command:

wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --install-only
mv -f certbot-auto /usr/bin/certbot

Put “y” in Is this ok [y/d/N]: query.

Try to run the SSL installation process again.

If you issued certificates for more than 100 domains, delete the old and unnecessary domains. Run the following command:

export domains="domain1.com domain2.com domain3.com"
for domain in $domains; do echo Deleting $domain; rm -f /etc/nginx/conf.d/$domain.conf; certbot delete --cert-name $domain; done

Update certbot utility:

curl -sSL https://dl.eff.org/certbot-auto > certbot-auto
chmod a+x ./certbot-auto
./certbot-auto --install-only
mv certbot-auto /usr/bin/certbot-2

In case, when you need to remove SSL certificate from domain of your site, you can use our special script which will delete SSL certificate and domain. Script will take domain name as parameter. To delete ssl certificate, you can use following command:

curl https://raw.githubusercontent.com/apliteni/centos_provision/current/scripts/delete-ssl.sh > delete-ssl; bash delete-ssl domain.com

Where domain.com - name of your domain, which you want to revoke and delete it's certificate. All certificates and their files, their keys, and configuration files of nginx of selected domain will be deleted (located in /etc/nginx/conf.d/).

There could be cases when you are issuing SSL certificate on a parked domain in your tracker, and such domain still wont work after certificate was issued (even if it was success) & SSL certificate validation (such as SSL labs for example) showing error “certificate name mis match”. That means that domain name on which SSL certificate was issued, has conflict in the chain of keys (in pem keys) of the certificate of the other domain which was issued previously (paid certificates, manually self-issued certificates and etc.).

Specifically, when checking certificate name - it will be showing domain name of the problem certificate with which such domain has conflic. In such case, you need to delete all the keys and certificates of such domain from a server, and also delete all the nginx configuration files related to this domain. You can do so easily with our Delete SSL certification files command, but first of all you need to check which CA key file is causing conflict. To do so, you need to check which CA name is linked to the key file.

openssl verify -verbose -x509_strict -CAfile key_file_name.pem 

Which will show you:

key_file_name.pem : CN = problemcertificate.ru
error 20 at 0 depth lookup:unable to get local issuer certificate

Which means that our SSL certificate wasn't checked by local domain issuer, since Certificate Name (CN) of such file “unable to get local issuer certificate”. To fix this issue, you need to delete SSL certificates and key files of such problem domain & nginx config, then restart nginx. After that, all your domain should be working with https.